VPN services and Proxies

JonDonym and Tor may be the best anonymization systems technically, but both
share small restrictions from concept that should be considered when using
them:

Browser plugins for active contents
(Java / Flash / Silverlight / ActiveX) must be blocked, e.g. by using JonDoFox. Otherwise, your PC's/router's true IP
can be revealed by a website which secretly or visibly embeds such
programs.

While all web browsers do, some Internet applications do not support
HTTP/SOCKS proxy settings.

You have to use additional third-party software to also re-route the IP
connections from these applications to JonDonym or Tor, and thus secure their Internet connection.

The combination of JonDo with a so-called VPN system (virtual private
network) may slightly fix these restrictions: VPN software creates a single,
encrypted connection to a certain VPN provider. This one accepts, similar to an
access provider, your whole Internet data traffic (also the separately
encrypted JonDonym data traffic), and forwards it to the Internet, while all
users get the same exit IP address,
similar to JonDonym.

Of course, this provider may thereby observe your whole
Internet communication. Hence pay
attention to choose a reputable VPN provider, in particular with a reputable
company address and similar contact persons. If possible, you should also use a
VPN software directly integrated in your Internet router instead of executing a
VPN program on your own computer. Thereby the provider's software cannot harm
your computer. In addition to that, active contents cannot read
your real IP address any more. However, please note that active
contents may still read a lot of data about your computer and network
configuration.

For web surfing, VPN services should not be used.

On one hand, their hosts
usually do not ensure that users also have an uniform appearance on the Web
aside their IP address (see Data Collection Technique). The
users are thus distinguishable and easily identifiable by merging the data.

And on the other hand, a local observer on your network (ISP, WLAN) could
guesstimate websites requested over VPN simply by analyzing size and timing of
the encrypted VPN data stream. JonDonym and Tor are quite resilient against
this attack (a scientific article which demonstrates the attack is found here; the success rates are over 90% for VPNs).

Moreover, VPN systems,
as inherent to their functional principle, normally do not filter or replace
your computer's TCP packets. They thereby do not protect you from TCP timestamp attacks like JonDonym.

You should also keep in mind that VPN hosts can, unlike JonDonym and
Tor, track and save every step of yours since they control all servers in the
VPN.

Nevertheless, protection by the VPN of a professional and reputable host
is often better than no protection at all.

Proxy services are particularly famous for this kind of "anonymization on
demand", besides the already mentioned services. They are literally "proxy PCs"
which switch communication between your PC and the Internet. They relay your
data traffic to the target and send the answer back to your PC so that the web
site cannot see your IP address.

Unfortunately, proxies have a high susceptibility to misuse and user
data theft: many proxies are PCs hijacked by hackers or criminals, or even
exclusively offered for the purpose of user observation. Some automatically
give your IP address away to the target webserver. Connections with proxies are
almost always unencrypted, so that an eavesdropper on your connection could
observe your surfing behavior. Moreover, the proxy operator can, of course,
watch exactly what you are doing. Proxies offer thus, if at all, only weak
protection from the website's host but not from third parties. Their usage is
risky.

In addition to these
proxies, there are webproxy services, Internet pages with a form field
in which the user can input the target address that he want's to visit
anonymously. The webproxy subsequently delivers the content of the requested
website and automatically patches all links to use the webproxy when clicked.
For using webproxy services the browser configuration does not have to be
changed.

Compared to network proxies, they have the disadvantage not to be able
to replace each link correctly, in particular on web sites with JavaScript
code. This makes it easier that the user IP address gets "leaked" to the web
server, which the proxy should acutally prevent. Our anonymity test
displays the weakness of some web proxies:

Restrictions for the Dresden (JAP) anonymisation servers
After careful consideration we have decided to restrict the size of downloads over the Dresden (JAP) mixes a little. The reason is to allow a more fair use of scarce resources of our servers especially for users who simply want to surf the Web. more...